Find Virtual Hosts

Discover the virtual hosts configured on a given IP address.


Sample Find Virtual Hosts report

Here is a sample report from our Find Virtual Hosts that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Includes discovered virtual hosts and their IP addresses

  • The results are obtained in real-time

  • Option to quickly start in-depth scans using other pentest tools

Find Virtual Hosts Scanner Report Sample

How to use the pentesting tool

Use Cases for Find Virtual Hosts

Discover what virtual hosts are configured on a given IP address. Find multiple websites hosted on the same server and map additional entry points attackers can exploit.

  • Attack Surface Mapping & Maximization

    Discover additional websites hosted on the same IP address. Often less secure than the main website, they can help you gain easier access to the target.

  • Asset Inventory

    This tool helps you perform an independent asset inventory and check for unmaintained, forgotten, and unnecessary websites hosted on the target’s servers.

  • Real-Time Discovery

    Find Virtual Hosts provides real-time results, with no caching mechanism used, so you always get up-to-date findings.

Better vulnerability discovery.Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting. Find Virtual Hosts Scanner Sample Report

Find Virtual Hosts

Technical details


A single web server can be configured to run multiple websites at once, under different domain names. These are called virtual hosts (or vhosts) and they are usually found in shared hosting environments.

Example: -> -> ->

As a penetration tester, finding all the vhosts that run on a web server (based on its IP address) is important because each website may contain vulnerabilities that affect the same server. Furthermore, if one website is compromised, there is a high chance that the attacker gains unauthorized access to the other websites also that are running on the same server. Hence, testing all the vhosts is necessary for complete coverage of the penetration test.


IP address or HostnameThis identifies the server on which you search for virtual hosts. If a hostname is given, DNS resolution will be attempted first to find its IP address.

How it works

This tool uses multiple discovery techniques, such as: